Access Keys:
Skip to content (Access Key - 0)
Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History
<< Previous Version 8 Next >>

554 5.7.1 Delivery not authorized

Question

I tried to send MIT email and got an email error "554 5.7.1", what does it mean?

554 5.7.1 Delivery not authorized
554 5.7.1 You are not allowed to connect

Answer

Our Spam filter (Symantec Brightmail) can block various messages for various reasons.

Symantec's official answer to the topic is here:
http://www.symantec.com/docs/TECH169847 - Message Rejected with SMTP Code 554. 5.7.1

MIT-specific answer

While Symantec's official answer gives a few bullet points for people to work through, we can comment that the most common situations encountered by IS&T Customer Support are:

  • problems with the sender's reputation
  • problems with the sender's DNS.

Sender's Reputation

When a sending site connects to MIT to submit mail, MIT's spam filter does some lookups based on the IP address of the connecting site. If the spam filter determines that the sender's IP address has a "negative reputation", it will reject the mail with a 554 5.7.1 error.

To investigate problems with the sender's reputation, consult
http://ipremoval.sms.symantec.com/lookup/

Sender's DNS

In addition to considering the reputation of the sender's IP address, MIT's spam filter also checks to see if the sender has configured reverse DNS for their IP address. Loosely speaking, MIT requires that the sender have a properly-configured hostname, and treats them as a spammer if they do not.

The more technically correct description is that MIT's spam filter checks for "Forward-confirmed reverse DNS". It does a reverse-DNS lookup on the sender's IP address to check for a PTR record, then uses the hostname from the PTR record for a regular forward-DNS lookup, and checks that the resulting IP address matches the original.

Other considerations

Diagnosing these problems can be difficult, because mail errors do not always give a good report of IP addresses. The sender may not know the IP address of their edge mail servers.

One approach is to ask the sender to send a test message to a non-MIT site like Gmail. Once the test message is received, we can use "show original" to view the Received headers, which will reveal IP addresses of mail servers.

Example of error message

Here is an example of this kind of mail error; see "554 5.7.1 Delivery not authorized" at the bottom.

Example showing "554 5.7.1 Delivery not authorized"

----- The following addresses had permanent fatal errors
-----<username@mit.edu> <username@mit.edu>
(reason: 554 5.7.1 Delivery not authorized)

----- Transcript of session follows -----
... while talking to dmz-mailsec-scanner-8.mit.edu.:
<<< 554 5.7.1 Delivery not authorized
... while talking to dmz-mailsec-scanner-1.mit.edu.:
<<< 554 5.7.1 Delivery not authorized
... while talking to dmz-mailsec-scanner-6.mit.edu.:
<<< 554 5.7.1 Delivery not authorized
554 5.0.0 Service unavailable

Reporting-MTA: dns; xxxxx.yyyyy.zzz
Received-From-MTA: DNS; www.xxxxx.yyyyy.zzz
Arrival-Date: Thu, 2 Feb 2012 14:01:15 -0500 (EST)

Final-Recipient: RFC822; username@mit.edu
Action: failed
Status: 5.5.0
Diagnostic-Code: SMTP; 554 5.7.1 Delivery not authorized
Last-Attempt-Date: Thu, 2 Feb 2012 14:01:16 -0500 (EST)

How to check DNS

You can use nslookup or host or other tools to check to see if an IP address reverse-resolves.

examle of using "host" to do reverse-DNS lookup

$ host 18.70.0.160
160.0.70.18.in-addr.arpa domain name pointer W20NS.MIT.EDU.

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Last Modified:

page-info: unable to locate page


Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki